How to set windows event viewer to automatically send email based on logged event ?

Hi all,

How can we set the event Viewer in Windows Server 2008R2 and 2012 R2 to send out email based on the logged event ?

I'd like to use it to know for account lock out trouble shooting and some other monitoring purpose.

Thanks
LVL 10
Senior IT System EngineerIT ProfessionalAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

VB ITSSpecialist ConsultantCommented:
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Cliff GaliherCommented:
You'll want to look at a 3rd party application to do this. 2008 R2 had a basic trigger, but is cumbersome to configure and adjust and has been deprecated in newer OSes. You could theoretically have a trigger fire off a script that has SMTP baked in, but again, you are now talking about a bunch of triggers and manually modifying scripts... not very scalable. There are enough event monitoring solutions that have databases of known event IDs, some relatively inexpensive, that you'll quickly get a return on investment from labor costs alone, regardless of OS.
0
SandeepSr System AdministratorCommented:
You can make use of Log Parser to scan the logs and pull out selected event log which can be stored in Text file. And same can be sent with mail sending exe files with some vbscripts. On our servers we had installed this successfully and we used to get emails without any issues.
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Mohammed KhawajaManager - Infrastructure:  Information TechnologyCommented:
I strongly suggest you look at Splunk as it has advanced capabilities as well as a very user friendly interface for monitoring and alerting.

http://www.splunk.com
0
Senior IT System EngineerIT ProfessionalAuthor Commented:
ok so in this case it is possible in Win2008R2 but somehow not for Server 2012 and newer ?
0
Mohammed KhawajaManager - Infrastructure:  Information TechnologyCommented:
It does work for 2012 or newer also, however, it is very limited in features and that is why it would be better to use a third party tool such as Splunk.  Splunk also has a light forwarder that can also send data to a syslog server, however, Splunk uses TCP which makes it reliable and you will not lose any events.
0
Senior IT System EngineerIT ProfessionalAuthor Commented:
ok, so in order to use Splunk, both type of Windows Server event viewer must be configured in forwarded events to the Splunk system ?

Can it works on the free version of splunk ?
0
Mohammed KhawajaManager - Infrastructure:  Information TechnologyCommented:
Free version of Splunk can index up to 500 MB per day and it will work fine.
0
Senior IT System EngineerIT ProfessionalAuthor Commented:
thanks for the input and suggestion guys !
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.